Sweet summer days are finally here. Depending on where and how you work, this might be a time for family vacations and relaxing by the sea, or getting up at the crack of dawn and giving thanks to the inventor of air conditioning! As the tourism and aerospace industries can attest, summer is peak travel time, with voyagers on the move for seasonal festivals, corporate contracting and exploration of new destinations. If you’re traveling with digital devices however, new regulations and increasing changes in data sovereignty can add a level of unexpected complexity for the trip, particularly when you’re on the move with sensitive information. Whether you’re off for business or fun, below are seven pieces of advice to take to heart, so you can rest and relax easier:
1. Do an Information Inventory by Device
Bringing your laptop on your travels, your notebook or your smartphone? Before you head to the airport or start driving, take the time to perform due diligence and make certain you know what information you’re carrying around. Ask prior to departure: what would happen if this device fell into the wrong hands? How bad would it be if the entire disk was accessed, stolen or copied without my permission? Unfortunately, this is no longer a risk taken only against pickpockets and valuables: in the past year, border security offices around the world have increased checks on electronic devices, and the data within, before allowing visitors to cross over. Requests have been made and orders given for passwords, access to social media accounts, to outright copying the digital files per device to be investigated later: a dangerous precedent!
For now, the best advice is to be prepared for access, and decide what should and should not be seen: if you often carry sensitive photos or electronic documents with customer personally identifiable information, leave those at home and delete apps that access delicate files or opinions before crossing borders. There’s no guarantee you won’t still be required to provide security with insight into your Facebook, and remember that many social media platforms such as Twitter post publicly as part of service use, but if you don’t want customs to copy and archive personal images, business intelligence or company trade secrets, removing both document and access portal will make it less likely you’ll be asked to hand them over. Erasing your phone before hitting security is also an option, but make sure you have all information, data and precious pictures backed up to the cloud or home on hard disk, least risk loosing more than just your privacy.
2. Lock It down with a Password and Encrypt
No doubt you’ve heard this before, but here it is again: lock your devices. If someone picks up your phone they should need the digital key before accessing your information; an important security step when at-home, but even more critical on the road. For apps and accounts on the phone consider logging out during travels, to limit the data that could be accessed if the phone is hacked open. Turning on file encryption and setting up two-factor authentication where possible is even better, adding an extra layer of security before allowing account access. Be aware however, it will mean you’ll need to enter verification when you do need to access the data, so don’t leave the device that receives the authentication code at home!
One consideration: if you usually lock devices via fingerprint or biometrics, consider switching back to password protection before you travel, even if only for the duration of your trip. The argument is, while fingerprint scanning will lock your device, you may not want to give that biological data over to the customs officer of another country when checking in. Passwords, by contrast, can be changed on the fly: if uncomfortable, you can change your passwords later when you return home.
3. Back up Your Data
Backing up devices should already be regular routine to protect against system errors and ransomware: before you go on the road always have a recent backup your device can be restored from. Although there’s no increased risk for malware attacks when traveling, there is a much greater risk of devices being stolen or lost: it’s too simple, when out of your regular routine, to leave a phone unattended in a public place that you’re not familiar with. Not to mention, if recognized as a tourist you’ll have much larger ‘steal from me’ signs on your back than you would as a local. Devices can get crushed in the shuffle of packing, broken through border accidents or short-circuited due to differences in power standards. Having a device stolen or broken while away is nerve-wreaking; don’t add to it by knowing you’ve lost valuable information along the ride.
4. Where Are You Going? Different Data Laws Exist in Different Countries
Even if you’re not a news hound, do make efforts to have a quick understanding of the culture and environment before stepping off to any new country. When visiting foreign nations, all of us become unofficial ambassadors for our hometowns and native lands: know ahead of time the basics of avoiding unintentional lawbreaking and cultural faux-pas. For privacy and cyber security, take a quick check on data controversies or new regulations of the host country before you go. Keep in mind that just because you have one nationality doesn’t mean the data on your device will follow suit: in some areas, data can be requested and accessed by a foreign government when the data resides on that government’s soil, which is what happens when you’ve taken the disk with you. New regulations, such as the Cyber Security Law in China, while intent to make local networks safer against threats, can also include provisions for security officials to see what information is coming into the country; and in some cases, such as when dealing with client financial information, giving them access also violates your own nation’s privacy polices and organizational customer trust.
5. VPNs: Great for Data on the Go
Looking to do a bit of work while away? Before you use that public wi-fi to connect to the company’s server, consider investing in a good VPN service. Short for Virtual Private Network, VPNs encrypt the online connection between your device and the server you’re attempting to access, while hiding your exact geographical location from anyone attempting to pry. The geolocation blocking feature is often used as a way to get by regional internet restrictions, which can be of benefit when trying to see content while away that is normally only available from your home country. Two words of warning however: avoid free VPN services when possible, and do check that the country’s data laws allow VPN access to begin with. Free VPNs often have a hidden price for their use, including access to the data you wish to protect, while countries such as Turkey, China and the United Arab Emirates have been known to crack down on VPN usage. For a full list of where VPNs are and are not legal, here’s a list.
6. Has Your Device Been out of Hand? Run a Security Sweep Before You Use
If you don’t know who has touched your device last, consider running security software first thing as a proactive protective measure against unsavoury programs hidden behind the screen. New airline regulations for example, require travellers visiting to and from specific countries to check-in their laptops before boarding, a measure introduced in March 2017 that may become a permanent feature of airline travel. For those who take their laptops with them when away, the new regulation adds another level of stress to the trip: there’s a reason for years advocates have warned individuals to keep all electronics within carry-on baggage. Aside from increasing the obvious risk of device theft, with the flick a USB stick hackers can tamper with devices and run malicious software in seconds. Shutting down the laptop and requiring a password to access will slow down such an attempt, and a tamper evident bag will help show if your device has been opened since you last left it; but as the device could have been checked legitimately, monitoring software can see if things are out of place.
7. Check in with Your I.T Provider, and Evaluate the Risk
Sometimes, the best way to limit cyber security mishaps from occurring is to prevent the possibility of a problem in the first place. When traveling with personal or business electronic devices, look ahead at your plans and ask how much you’ll really need. For example, is there a reason to bring both your laptop and phone, or could you survive a few days with out them? Being selective over what to bring not only cuts back on crisis points that could happen while away, but saves added luggage room and some of the heavy lifting as you head to your destination! If going on a business trip or are determined to work abroad, don’t forget to also check in with your business’s IT team: they may praise your dedication, but it’s also possible there are business limits or restrictions on laptop travel or remote access in the first place. By letting internal cyber security personnel know when you’ll be away and where you’ll be connecting from, they can recognize remote access requests that might otherwise be suspicious. Likewise, once you’ve been told of any policies, don’t ignore them: if requested, leave the laptop at home.